You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by ju...@apache.org on 2013/11/26 21:29:30 UTC

svn commit: r1545820 - /jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/ShadowInvisibleContentTest.java

Author: jukka
Date: Tue Nov 26 20:29:30 2013
New Revision: 1545820

URL: http://svn.apache.org/r1545820
Log:
OAK-928: Read access is enforced on NEW items

When a perfect copy of the shadowed content is added, the commit() becomes
a no-op and no write access checks get perfomed.

Modified:
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/ShadowInvisibleContentTest.java

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/ShadowInvisibleContentTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/ShadowInvisibleContentTest.java?rev=1545820&r1=1545819&r2=1545820&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/ShadowInvisibleContentTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/ShadowInvisibleContentTest.java Tue Nov 26 20:29:30 2013
@@ -68,11 +68,11 @@ public class ShadowInvisibleContentTest 
         Root testRoot = getTestRoot();
         Tree a = testRoot.getTree("/a");
 
-        // /a/x not visible to this session
+        // /a/aProp not visible to this session
         assertNull(a.getProperty("aProp"));
         assertFalse(a.hasProperty("aProp"));
 
-        // shadow /a/x with transient property of the same name
+        // shadow /a/aProp with transient property of the same name
         a.setProperty("aProp", "aValue1");
         assertNotNull(a.getProperty("aProp"));
         assertTrue(a.hasProperty("aProp"));
@@ -84,27 +84,27 @@ public class ShadowInvisibleContentTest 
     }
 
     @Test
-    @Ignore // FIXME how do we handle the case where the shadowing item is the same as the shadowing item?
     public void testShadowInvisibleProperty2() throws Exception {
         setupPermission("/a", testPrincipal, true, PrivilegeConstants.JCR_ALL);
         setupPermission("/a", testPrincipal, false, PrivilegeConstants.REP_READ_PROPERTIES);
+        setupPermission("/a", testPrincipal, false, PrivilegeConstants.REP_ALTER_PROPERTIES);
 
         Root testRoot = getTestRoot();
         Tree a = testRoot.getTree("/a");
 
-        // /a/x not visible to this session
-        assertNull(a.getProperty("x"));
+        // /a/aProp not visible to this session
+        assertNull(a.getProperty("aProp"));
+        assertFalse(a.hasProperty("aProp"));
 
-        // shadow /a/x with transient property of the same name
-        a.setProperty("x", "xValue");
-        assertNotNull(a.getProperty("x"));
+        // shadow /a/aProp with transient property of the same name *and value*
+        a.setProperty("aProp", "aValue");
+        assertNotNull(a.getProperty("aProp"));
+        assertTrue(a.hasProperty("aProp"));
 
-        try {
-            testRoot.commit();
-            fail();
-        } catch (CommitFailedException e) {
-            assertTrue(e.isAccessViolation());
-        }
+        // after commit() normal access control again takes over
+        testRoot.commit(); // does not fail since no changes are detected, even when write access is denied
+        assertNull(a.getProperty("aProp"));
+        assertFalse(a.hasProperty("aProp"));
     }
 
     @Ignore("OAK-869") // FIXME: OAK-869